App Store

Google Play

Details page - Device banner - 894x1036

Step into an infinite world of stories

Listen and read

Mackenzie Jackson & Dwayne McDaniel

The security repo is a podcast that focuses on real world security issues we are all facing today. We will take deep dives into news events and have exclusive interviews with security leaders on the ground.

The Security Repo

In this week's episode of The Security Repo Podcast, we are joined by Michael Harrison, a tech veteran who discusses the benefits and challenges of running your own email server in a world dominated by major providers, along with insights into the surprising persistence of fax technology in industries like healthcare. Michael also reflects on his pivotal role in bringing internet access to Chattanooga in the 1990s and shares practical advice on navigating walled gardens and enhancing system security. 

Michael describes himself as "A geek tweaking that status quo." He is the co-founder of Ring-U.

https://www.linkedin.com/in/mike-harrison-1985b21/

Getting Out Of Walled Gardens By Running Your Own Email - Michael Harrison

In this episode of the Security Repo Podcast, we delve into the intricate world of flight simulators and their unique cybersecurity challenges with guest Coburn Slay. He shares insights into managing both legacy and modern systems, the importance of compliance in operational technology, and his journey into tech starting at a young age. We also explore broader themes like the need for simplicity in cybersecurity tooling and combating misconceptions about age in the industry.

Coburn Slay is a passionate and driven young cybersecurity professional based in Tulsa, Oklahoma. His love for technology began at a young age, fueled by knowledgeable mentors and a natural curiosity to understand how things work. This drive has led Coburn to explore unique fields within cybersecurity, where he’s been able to gain hands-on experience and contribute to innovative research in the ever-evolving tech landscape.

 / coburn-slay-aa759a164 

https://openssf.org/

https://openssf.org/projects/zarf/

Securing Flight Simulators And Other Operational Technology - Coburn Slay

In this episode of the Security Repo Podcast, the team dives into the OWASP Top 10 for Large Language Model Applications with special guest Talesh Seeparsan, an expert in cybersecurity and AI safety. Talesh shares insights into why a specialized top 10 for LLM vulnerabilities is essential, delves into unique challenges like system prompt leakage and AI supply chain risks, and provides practical advice for small companies navigating AI compliance. The conversation wraps up with reflections on security best practices, including collaboration and skepticism about industry norms.

With over a decade in cybersecurity, Talesh is a trusted expert in protecting enterprise applications. He has collaborated with the U.S. DoD, developed Appsec training for Adobe, and secured identities for multibillion-dollar firms. Today, he guides companies in building secure, trustworthy, generative AI and LLM applications and volunteers with the OWASP Foundation team working on the OWASP Top Ten for LLMs. His north star is the safe, performant adoption of frontier AI.

https://www.linkedin.com/in/talesh

https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/

https://owasp.org/www-project-top-10-for-large-language-model-applications/

The Updated OWASP Top 10 for LLM Applications and the AI landscape - Talesh Seeparsan

In this episode of the Security Repo Podcast, we explore the fascinating and complex world of non-human identities (NHIs) with Jody Hunt from CyberArk. We discuss the challenges of authenticating machine workloads, delve into the "secret zero" problem, and consider how frameworks like SPIFFE are shaping the future of secure machine identity. Plus, Jody shares his journey through a tech acquisition and the enduring importance of thinking like an attacker in cybersecurity.

Jody has held diverse roles in software development, sales, and marketing. He has been an enthusiastic promoter of DevOps principles since 2010. He became aware of the growing security gap introduced by automation which led him to join Conjur in 2017. Four months later, CyberArk acquired Conjur to extend secrets management and machine identity solutions to DevOps, Cloud and Kubernetes workloads.

https://www.linkedin.com/in/jodyhuntatx/

https://spiffe.io/book/

https://blog.gitguardian.com/protect-secrets-with-cyberark-and-gitguardian-integration/

Securing Workload Identities And Working On Conjure - Jody Hunt

In this episode of the Security Repo Podcast, we talk with cybersecurity expert Stephanie Honore, about her journey into security, her work with the Freedom of Information Act (FOIA), and her insights on ethical AI and chain of custody in data handling. She shares her experience building software for evidence management and her thoughts on the intersection of security and legal frameworks. We also explore her creative side as a "spycore" musician blending cybersecurity themes with nerdcore music.

Stephanie Honore, also known as Scarlett Danger, is a professional programmer, building applications by day, and a volunteer OSINT investigator by night for NGOs that combat human trafficking. She has been a member of WiCyS (Woman of Cybersecurity) since 2016 and attended Hacker On The Hill in Jan 2024. She began by attending the local hacker meetups and frequently attends cybersecurity conferences such as BSides and Texas Cybersecurity Summit. She recently started joining online chat communities on Discord and IRC where she is getting a lot of exposure to a different side of the security field.

Outside of work she likes making nerdcore music about security and intelligence ( a genre she has dubbed spycore) inspired greatly by performers like YTCracker, MC Frontalot, and Yung Innanet. You can listen to one of my songs here. 

https://soundcloud.com/scarlett_danger/hack-the-planet-v2?in=scarlett_danger/sets/internet-feels

https://www.linkedin.com/in/smhonore/

https://smhonore.deno.dev/

https://www.wicys.org/

https://www.muckrock.com/news/archives/2024/aug/26/with-a-little-help-from-the-national-archives-nsa-finally-releases-grace-hopper-lecture-watch-it-here/

The Freedom Of Information Act, Ethical AI, And NerdCore Music - Stephanie Honore

In this episode of the Security Repo Podcast, we explore the intersection of observability and security with special guest Josh Lee, a developer advocate at Altinity and expert on Clickhouse and OpenTelemetry. 

We discuss the evolving definition of observability, how context and tagging enhance both security and observability practices, and how databases like ClickHouse® compare to Snowflake for monitoring applications at scale. Josh also shares insights on DevOps culture as a "foreign language" and how to bridge gaps between developers and operators in adopting modern practices.

Josh is a seasoned software developer with over a decade of experience, specializing in a broad range of topics including operations, observability, and cloud-native databases. His passion for technology is matched by his enthusiasm for sharing knowledge through public speaking. Currently, Josh serves as a Developer Advocate for Altinity, where he creates educational content on ClickHouse® and OpenTelemetry.

Find Josh at 

https://www.linkedin.com/in/joshuamlee/

@joshleecreates@hachyderm.io

@joshleecreates.bsky.social

and on the Altinity Slack

https://altinity.com/

Observability ownership, monitoring apps at scale, and learning DevOps like a language- Josh Lee

In this episode of the Security Repo Podcast, we dive into the world of ISACs (Information Sharing Analysis Centers) with Cherie Burgett. Cherie shares insights into the nuanced field of cyber threat intelligence, discussing how interpretation techniques like hermeneutics can enhance understanding of threat actor behavior. The conversation also explores practical approaches to information sharing, intelligence delivery, and the importance of balancing concise communication with actionable insights.

Since its inception, Cherie Burgett has worked with the Mining and Metals ISAC. As the Director of Cyber Intelligence Operations. Cherie is responsible for researching and analyzing the ever-changing threat landscape affecting the mining and metals sectors. With a unique philosophy and approach to cyber threat intelligence incorporating lessons learned from studies in the arts and humanities, she brings a nuanced perspective to the ethics and human condition relating to both threat actor groups and the people defending our critical infrastructure.

Recent Articles about Hermeneutics Applied to Cyber Threat Intelligence - 
https://www.linkedin.com/pulse/hermeneutics-cyber-threat-intelligence-part-1-tactical-cherie-burgett-x8ime/?trackingId=n33uyXThS%2FCcMkPYyNMCVQ%3D%3D

https://www.linkedin.com/pulse/hermeneutics-cyber-threat-intelligence-part-2-why-cherie-burgett-8xmfe/?trackingId=n33uyXThS%2FCcMkPYyNMCVQ%3D%3D

https://www.linkedin.com/pulse/hermeneutics-cyber-threat-intelligence-part-3-planning-cherie-burgett-xgzwe/?trackingId=n33uyXThS%2FCcMkPYyNMCVQ%3D%3D

Leveraging Hermeneutics In Cyber Threat Intelligence at The MM-ISAC - Cherie Burgett

In this episode of the Security Repo Podcast, Dwayne and Kayssar sit down with Dustin Lehr, co-founder and chief product and tech officer at Katilyst , to explore the power of Security Champions programs. Dustin shares insights from his journey as a software engineer turned cybersecurity leader and explains how security champions can bridge the gap between security teams and developers. The conversation covers trust-building, best practices for implementing a successful champions program, and how to measure its impact in ways that resonate with executives.

Dustin Lehr is an accomplished software engineer turned executive cybersecurity leader who designs security programs that reinforce proactive behavior to avoid security incidents. He is the Co-founder / Chief Product and Technology Officer at Katilyst, a company dedicated to helping organizations enhance their culture by building engaging security champion programs. Dustin is also the driving force behind the Security Champion Program Success Guide and possesses a wealth of experience in application security, providing innovative coaching and consulting services. In addition, he is a prominent community thought leader, speaker, and founder of the "Let's Talk Software Security" monthly open discussion meetup group.

https://www.linkedin.com/in/dustinlehr/

Katilyst - https://www.katilyst.com/

Security Champion Program Success Guide - https://securitychampionsuccessguide.org/

"Let's Talk Software Security" - https://www.meetup.com/lets-talk-software-security/

Understanding Security Champions and Making Human Connections - Dustin Lehr

In this episode of the Security Repo Podcast, Dwayne and Kayssar dive into Kayssar's role as a security leader at GitGuardian, exploring his responsibilities, challenges, and the balance between proactive and reactive security work. They also discuss the evolution of security tools, the importance of relationship-building in security roles, and share insights on vulnerability management and security awareness training. Kayssar offers a unique perspective on what the security industry is getting right, as well as areas that need improvement, especially regarding VPNs and vulnerability prioritization.

Kayssar Daher is a systems security & data privacy enthusiast specializing in securing SaaS platforms.

If you'd like to know more about what he do, check out his blog: https://the.secure.engineer

https://www.linkedin.com/in/daherk/

What Does It Mean To Be A Security Lead - A Conversion With Kayssar Daher

In this episode of the Security Repo Podcast, we dive into the concept of defense in depth with guest John Poulin, who shares insights on secure code reviews, architecture design, and threat modeling. We discuss the importance of integrating security tests into development workflows, the role of security headers in assessing a company's security posture, and the challenges of implementing robust audit logging. Plus, John recounts the day GitHub logged out all users due to a security bug and offers advice on avoiding over-reliance on web application firewalls.John Poulin leads Cloud Security Partners' technology and platform development. He is an experienced application security practitioner with over 10 years of experience in software development and security. Over his tenure, John has worked with many Fortune 500 companies and startups to perform secure code review, architecture, and design discussions, as well as threat modeling.Previously, John served as a staff manager of product security engineering, a role in which he and his team focused on performing secure code review of features and services, performing threat modeling, and helping to ensure that Cloud Security Partners' software ecosystem moves toward security maturity. John has also served as the director of engineering, where he focused on leading engineering teams through multiple stages of security-focused product development.John has given talks or training at many industry conferences, such as DEF CON, LASCON, DevSecCon, CactusCon, and Source, as well as various Ruby and OWASP events about practical application security.In his free time, John enjoys spending time with his family, traveling, playing adult league softball, and making hot sauce.https://www.linkedin.com/in/johnmpoulinLogs wall of shame https://Audit-logs.taxSSO wall of shame https://sso.tax/

Defense In Depth Means Writing More Tests To Make Sure You Don't Regress - John Poulin

In this episode of The Security Repo podcast, we dive deep into the evolving landscape of security within software development with our guest, Rachel Stephens, a senior analyst at RedMonk. Rachel sheds light on the broader implications of the "shift left" movement, emphasizing the integration of security practices throughout the entire software development lifecycle rather than viewing it as an isolated final step. This conversation explores how developers and security professionals can work together more effectively, the role of tools in aiding or hindering this collaboration, and the importance of understanding security from a holistic viewpoint. With insights into the latest trends, challenges, and solutions in securing our software development processes, this episode is a must-listen for anyone interested in the intersection of development, security, and industry analysis.

Show Notes
https://redmonk.com/ 

Introduction: 0:00
Analyst Role / RedMonk: 2:18
Shift Lift: 4:27 
Dev and Sec in Conflict: 6:20 
Shift Left Where?: 9:35 
What about micro applications?: 11:08
What is Shift Right?: 15:15
GitGuardian:20:22
How do you Shift Left?: 21:20 
Measure what matters: 25:20
Best and Worst Advice: 27:30
RedMonk: 29:39

Decoding Security: An Analyst's Perspective on Trends and Tools

Listen and read

Other podcasts you might like ...